Speeding up LDAP authentication

Lots of people use SGD with Directory Servers and it's easy to set up.
In the Array Manager, simply enable the LDAP login authority and point SGD at the Directory Server.
Here's an example:

Now out of the box the LDAP login authority is very thorough in checking the supplied username against all of these searchAttributes:
{ cn, uid, mail, userPrincipalName, sAMAccountName }

And so for large directories this may take some time and lead to a slow login process.

So here's a tip:
Trim the list of search attributes down to, say, { cn, mail }.
The command to do this is:

/opt/tarantella/bin/tarantella config edit --searchldapla.properties-searchAttributes cn mail

Hopefully you'll see that this makes searches much faster and consequently the login process too.

-FB
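
The effect of trimming the list, as an added sketch that is not part of the original post and not SGD's own code: it assumes the login authority combines one equality test per search attribute, and uses constructed directory entries to show which login names stop resolving once only cn and mail are searched. The entries, DNs and function names are hypothetical.

```python
# Added illustration, not SGD code. Assumption: the login authority tries one
# equality match per search attribute, combined here into a single OR filter.
DEFAULT_ATTRS = ["cn", "uid", "mail", "userPrincipalName", "sAMAccountName"]
TRIMMED_ATTRS = ["cn", "mail"]

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Constructed sample entries (hypothetical users, not from the page).
DIRECTORY = [
    {"dn": "cn=Alice Smith,ou=people,dc=example,dc=com", "cn": "Alice Smith",
     "uid": "asmith", "mail": "alice.smith@example.com",
     "userPrincipalName": "asmith@corp.example.com", "sAMAccountName": "asmith"},
    {"dn": "cn=Bob Jones,ou=people,dc=example,dc=com", "cn": "Bob Jones",
     "uid": "bjones", "mail": "bob.jones@example.com"},
]

def build_filter(username, attrs):
    """OR filter testing the escaped username against each attribute."""
    value = "".join(_ESCAPES.get(ch, ch) for ch in username)
    return "(|" + "".join(f"({a}={value})" for a in attrs) + ")"

def matching_dns(username, attrs):
    """DNs whose value for any of attrs equals username (case-insensitive)."""
    wanted = username.lower()
    return [e["dn"] for e in DIRECTORY
            if any(e.get(a, "").lower() == wanted for a in attrs)]

def logins_lost(before, after):
    """(attribute, value) login names that resolve with `before` but not `after`."""
    lost = []
    for entry in DIRECTORY:
        for attr in before:
            name = entry.get(attr)
            if name and not matching_dns(name, after):
                lost.append((attr, name))
    return lost

if __name__ == "__main__":
    print(build_filter("asmith", DEFAULT_ATTRS))
    print(build_filter("asmith", TRIMMED_ATTRS))
    for attr, name in logins_lost(DEFAULT_ATTRS, TRIMMED_ATTRS):
        print(f"no longer resolves: {name} (was matched via {attr})")
```

Users who log in with a uid, userPrincipalName or sAMAccountName value are the ones affected by the trimmed list, so check which form of name your users actually type before changing it.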

Comments:

Great page, really useful tip, thanks Fat Bloke. The config edit command needs the sgd server to be stopped before it can be run.

Posted by Fat bloke's number 1 fan on April 20, 2007 at 04:47 AM BST #
